6 results (0.024 seconds)

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. Jenkins HP ALM Quality Center Plugin versiones 1.6 y anteriores, almacenan una contraseña sin cifrar en su archivo de configuración global en el maestro de Jenkins, donde pueden ser visualizados por los usuarios con acceso al sistema de archivos maestro • http://www.openwall.com/lists/oss-security/2020/07/02/7 https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1576 • CWE-522: Insufficiently Protected Credentials •

CVSS: 6.8EPSS: 24%CPEs: 2EXPL: 0

Unspecified vulnerability in HP Application Lifecycle Management (aka Quality Center) 11.5x and 12.0x allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2138. Vulnerabilidad no especificada en HP Application Lifecycle Management (también conocido como Quality Center) 11.5x y 12.0x permite a usuarios locales ganar privilegios a través de vectores desconocidos, también conocido como ZDI-CAN-2138. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard's Application Lifecycle Management. This vulnerability requires the attacker to have an unprivileged account on the Application Lifecycle Management System. The specific flaw exists within the ACLs on a specific installed directory. Because this directory allows any user to create a file, an unprivileged attacker can place a malicious DLL on the system. • http://www.securitytracker.com/id/1030698 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04394553 •

CVSS: 7.5EPSS: 92%CPEs: 6EXPL: 0

Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1759. Vulnerabilidad no especificada en la implementación de GossipService SOAP Request en el componente Synchronizer anterior a 1.4.2 en HP Application LifeCycle Management (ALM) permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, aka ZDI-CAN-1759. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Application Lifecycle Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service named GossipServiceSoapBinding. This web service is vulnerable to SQL injection. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969436 •

CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0

Unspecified vulnerability in the client component in HP Application LifeCycle Management (ALM) before 11 p11 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1327. Vulnerabilidad no especificada en el componente cliente de HP Application Lifecycle Management (ALM) antes de 11 p11 que permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, también conocido como ZDI-CAN-1327. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969433 •

CVSS: 10.0EPSS: 86%CPEs: 6EXPL: 1

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874. HP ProCurve Manager (PCM) 3.20 y 4.0, PCM+ 3.20 y 4.0, Identity Driven Manager (IDM) 4.0 y Application Lifecycle Managemen permiten a atacantes remotos ejecutar código arbitrario a través de un objeto marshalizado a (1) EJBInvokerServlet o (2) JMXInvokerServlet, también conocido como ZDI-CAN-1760. NOTA: esto es probablemente un duplicado de CVE-2007-1036, CVE-2010-0738 y/o CVE-2012-0874. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP PCM Plus and Application Lifecycle Management. • https://www.exploit-db.com/exploits/28713 http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409 http://marc.info/?l=bugtraq&m=138696448823753&w=2 http://marc.info/?l=bugtraq&m=143039425503668&w=2 http://secunia.com/advisories/54788 http://www.securitytracker.com/id/1029010 http://zerodayinitiative.com/advisories/ZDI-13-229 • CWE-94: Improper Control of Generation of Code ('Code Injection') •